Home Testimonials Company Support 1–888–873–0817
PRICING SUPPORT LOGIN
Home Notes Malware Signatures About

Malware entry: malware.fcc_obfuscation

Description: Scripts that use arrays of character codes (decoded via the fromCharCode function) to obfuscate malicious content. This may be not he only leyer of obfuscation.

Typical samples

Sample 1
(​new Function(String.​fromCharCode(19 - 9, 126 - 8, 100 - 3, 122 - 8, 37 - 5, ...skipped...,45 - 4, 68 - 9, 14 - 4, 16 - 6))​)(​);
Sample 2
var x="\'%kVg​\'%YZaVn\'%(9\'%&%%(7%...skipped...%YZaVn\'.(7",y="",w="",z;z=x[​'length'];for(i=0;i<z;i++){y+=String['​fromCharCode'](x['charCodeAt'](i)​+11) }w=this['unescape'](y);this['eval​'](w);



Affecting: Any web site (no specific target).

For all our web-based malware signatures, go here: http://labs.sucuri.net/?malwaredb